Introducing IdentityServer4 for authentication and access control in ASP.NET Core

This is a guest post by Brock Allen and Dominick Baier. They are security consultants, speakers, and the authors of many popular open source security projects, including IdentityServer.

Modern applications need modern identity. The protocols used for implementing features like authentication, single sign-on, API access control and federation are OpenID Connect and OAuth 2.0. IdentityServer is a popular open source framework for implementing authentication, single sign-on and API access control using ASP.NET.

While IdentityServer3 has been around for quite a while, it was based on ASP.NET 4.x and Katana. For the last several months we’ve been working on porting IdentityServer to .NET Core and ASP.NET Core. We are happy to announce that this works is now almost done and IdentityServer4 RC1 was published to NuGet on September 6th.

IdentityServer4 allows building the following features into your applications:

Authentication as a Service
Centralized login logic and workflow for all of your applications (web, native, mobile, services and SPAs).

Access Control for APIs
Issue access tokens for APIs for various types of clients, e.g. server to server, web applications, SPAs and native/mobile apps.

Federation Gateway
Support for external identity providers like Azure Active Directory, Google, Facebook etc. This shields your applications from the details of how to connect to these external providers.

Focus on Customization
The most important part – many aspects of IdentityServer can be customized to fit your needs. Since IdentityServer is a framework and not a boxed product or a SaaS, you can write code to adapt the system the way it makes sense for your scenarios.

Tags

Join the conversation

I would like to implement an IdentityServer4 id server that uses active directory for user authentication. Can anyone point me in the right direction. I’ve looked through the IdentityServer4 documentation but so far have not found any details on where I can plug in my own user authenticator or anything like that. Any help would be greatly appreciated.